You are here
Home > Preporuke > Sigurnosni nedostaci programske biblioteke LibRaw

Sigurnosni nedostaci programske biblioteke LibRaw

  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LFE

——————————————————————————–
Fedora Update Notification
FEDORA-2018-8c4e0b4335
2018-05-13 19:59:19.583151
——————————————————————————–

Name : LibRaw
Product : Fedora 28
Version : 0.18.11
Release : 1.fc28
URL : http://www.libraw.org
Summary : Library for reading RAW files obtained from digital photo cameras
Description :
LibRaw is a library for reading RAW files obtained from digital photo
cameras (CRW/CR2, NEF, RAF, DNG, and others).

LibRaw is based on the source codes of the dcraw utility, where part of
drawbacks have already been eliminated and part will be fixed in future.

——————————————————————————–
Update Information:

https://www.libraw.org/news/libraw-0-18-11 —- CVE-2018-10529 fixed: out
of bounds read in X3F parser CVE-2018-10528 fixed: possible stack overrun in
X3F parser
——————————————————————————–
ChangeLog:

* Thu May 10 2018 Gwyn Ciesla <limburgher@gmail.com> – 0.18.11-1
– 0.18.11.
* Thu May 3 2018 Gwyn Ciesla <limburgher@gmail.com> – 0.18.10-1
– 0.18.10.
* Wed Apr 25 2018 Gwyn Ciesla <limburgher@gmail.com> – 0.18.9-1
– 0.18.9.
——————————————————————————–
References:

[ 1 ] Bug #1576801 – LibRaw-0.18.11 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1576801
[ 2 ] Bug #1574326 – CVE-2018-10529 LibRaw: Out-of-bounds read in X3F property table list functionality in libraw_x3f.cpp and libraw_cxx.cpp [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1574326
[ 3 ] Bug #1574322 – CVE-2018-10528 LibRaw: Stack-based buffer overflow in libraw_cxx.cpp:utf2char() allows for potential code execution [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1574322
[ 4 ] Bug #1574486 – LibRaw-0.18.10 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1574486
——————————————————————————–

This update can be installed with the “dnf” update program. Use
su -c ‘dnf upgrade –advisory FEDORA-2018-8c4e0b4335’ at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list — package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

AutorPetar Bertok
Cert idNCERT-REF-2018-05-0001-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
IzvorAdobe
Top
More in Preporuke
Sigurnosni nedostaci programskog paketa opencv

Otkriveni su sigurnosni nedostaci u programskom paketu opencv za operacijski sustav openSUSE. Otkriveni nedostaci potencijalnim napadačima omogućuju izazivanje DoS stanja...

Close